Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli

5 months ago · a423151207
parent 033aef9f9d ffd887f8cc
commit a423151207
3 changed files with 19 additions and 9 deletions
--- a/acme/api/order_test.go
+++ b/acme/api/order_test.go
@ -1695,7 +1695,7 @@ func TestHandler_NewOrder(t *testing.T) {
 			}
 		},
 		"ok/default-naf-nbf-wireapp": func(t *testing.T) test {
-			acmeWireProv := newACMEProvWithOptions(t, &provisioner.Options{
+			acmeWireProv := newWireProvisionerWithOptions(t, &provisioner.Options{
 				OIDC: &provisioner.OIDCOptions{
 					Provider: provisioner.ProviderJSON{
 						IssuerURL:   "",
--- a/acme/api/wire_integration_test.go
+++ b/acme/api/wire_integration_test.go
@ -36,8 +36,21 @@ const (
 	linkerPrefix = "acme"
 )

-func TestIMIntegration(t *testing.T) {
-	prov := newACMEProvWithOptions(t, &provisioner.Options{
+func newWireProvisionerWithOptions(t *testing.T, options *provisioner.Options) *provisioner.ACME {
+	p := newProvWithOptions(options)
+	a, ok := p.(*provisioner.ACME)
+	if !ok {
+		t.Fatal("not a valid ACME provisioner")
+	}
+	a.Challenges = []provisioner.ACMEChallenge{
+		provisioner.WIREOIDC_01,
+		provisioner.WIREDPOP_01,
+	}
+	return a
+}
+
+func TestWireIntegration(t *testing.T) {
+	prov := newWireProvisionerWithOptions(t, &provisioner.Options{
 		OIDC: &provisioner.OIDCOptions{
 			Provider: provisioner.ProviderJSON{
 				IssuerURL:   "",
--- a/authority/provisioner/acme.go
+++ b/authority/provisioner/acme.go
@ -64,9 +64,6 @@ const (

 	// TPM is the format used to enable device-attest-01 with TPMs.
 	TPM ACMEAttestationFormat = "tpm"
-
-	WIREOIDC ACMEAttestationFormat = "oidc"
-	WIREDPOP ACMEAttestationFormat = "dpop"
 )

 // String returns a normalized version of the attestation format.
@ -77,7 +74,7 @@ func (f ACMEAttestationFormat) String() string {
 // Validate returns an error if the attestation format is not a valid one.
 func (f ACMEAttestationFormat) Validate() error {
 	switch ACMEAttestationFormat(f.String()) {
-	case APPLE, STEP, TPM, WIREOIDC, WIREDPOP:
+	case APPLE, STEP, TPM:
 		return nil
 	default:
 		return fmt.Errorf("acme attestation format %q is not supported", f)
@ -307,7 +304,7 @@ func (p *ACME) AuthorizeRenew(ctx context.Context, cert *x509.Certificate) error
 // Challenge provisioner property should have at least one element.
 func (p *ACME) IsChallengeEnabled(_ context.Context, challenge ACMEChallenge) bool {
 	enabledChallenges := []ACMEChallenge{
-		HTTP_01, DNS_01, TLS_ALPN_01, WIREOIDC_01, WIREDPOP_01,
+		HTTP_01, DNS_01, TLS_ALPN_01,
 	}
 	if len(p.Challenges) > 0 {
 		enabledChallenges = p.Challenges
@ -325,7 +322,7 @@ func (p *ACME) IsChallengeEnabled(_ context.Context, challenge ACMEChallenge) bo
 // AttestationFormat provisioner property should have at least one element.
 func (p *ACME) IsAttestationFormatEnabled(_ context.Context, format ACMEAttestationFormat) bool {
 	enabledFormats := []ACMEAttestationFormat{
-		APPLE, STEP, TPM, WIREOIDC, WIREDPOP,
+		APPLE, STEP, TPM,
 	}
 	if len(p.AttestationFormats) > 0 {
 		enabledFormats = p.AttestationFormats